The operation to carry out in the outgoing messages (sign, encrypt or both) is chosen exactly before presing "y" to send the message, inside the option menu that is visible with the "p" option. Once you have choosen the operation to carry out, only the line PGP in the message header showed in the screen will change, but until you send the message with "y" you won't be asked to insert the pass phrase to activate the sign of the message or the public keys to use to encrypt in the case that no receptors were found in our public keys ring.

NOTE: In the case that the pass phrase was mistyped when it was asked for, Mutt seems to be "hung", but that's not true, it is waiting for it to be retyped. To do this, push the <Enter> key and delete the pass phrase from memory with <Ctrl>F. Next we repeat the message sending with ("y") and retype the pass phrase.

Through this procedure, Mutt will use PGP/MIME to send the message, and one more file will appear in the list of files to be sent with the sign (if we only select to sign) or it will encrypt the complete message (all its MIME parts) and it will only leave two MIME parts, the first with the PGP/MIME version and the second with the encrypted message (with all its MIME parts inside) and signed (if we selected to do it).

Note: By some reasons, if the receptor mail user agent can not use MIME, we may need that the sign will be included inside the message body. See section about application/pgp with PGP5 and with GnuPG.

Mutt will try to verify the sign or decrypt automatically the incoming messages that use PGP/MIME. See section Procmail notes and tips, in which it is commented how to change the MIME type automatically to the incoming messages that do not set its MIME type correctly.

In the next sections you can find modifications to the Mutt configuration file to use PGP2, PGP5, and GnuPG easily.

To do that, a new configuration file that we called .gnupgp.mutt (that's our name, you can call it any other name setting the name of this file into the main configuration file ~/.muttrc).

This can be done including the complete path (its location) of the configuration file .gnupgp.mutt, in a line at the end of the ~/.muttrc file. The directory in which we put this and other optional configuration files can be anywhere, if we have correct permissions (in a previous section we included it inside the ~/Mail/) directory, or any other inside our home directory, with any name:

~$ mkdir mutt.varios

in which we copy (or create) the optional configuration file .gnupgp.mutt, and next we set the origin of this file in the .muttrc file with the source command, like the following:

source ~/mutt.varios/.gnupgp.mutt

Now Mutt will accept configuration variables in .gnupgp.mutt as if it were in .muttrc directly.

This method is a good way to avoid having a very big, unsorted configuration file, and can be used to set any other group of configuration variables in other separate file. For example, as before, if we use vim as the default editor in Mutt, we can tell to .muttrc to use a different configuration file .vimrc that we use when using vim from the command line. First, copy ~/.vimrc to our optional configuration files directory ~/mutt.varios/ and set it with other name (ex. vim.mutt):

$ cd /home/user ~$ cp .vimrc mutt.varios/vim.mutt

next change the configuration variables that we want to be different in vim as the Mutt editor, and finally modify .muttrc to reflect this change:

set editor="/usr/bin/vim -u ~/mutt.varios/vim.mutt"

With this last line we are setting Mutt to use an external editor, Vim, with the needed configuration options.

There are some variables that we will use globally with the three public key encrypt programs with Mutt. These variables are boolean, and can be set (activated) or unset (deactivated).

In the configuration file (~/.muttrc, or ~/mutt.varios/.gnupgp.mutt, or whatever you use), the sign (#) is a comment and will be ignored. So, we will use it from here in advance to comment each variable:

unset pgp_autosign

# if this variables is set, Mutt will ask to sign all the
# outbound messages. (1)

unset pgp_autoencrypt

# if this variable is set, Mutt will ask to encrypt all the
# outbound messages. (1)

set pgp_encryptself

# save an encrypted copy of all sent messages that we want to encrypt
# (need the general configuration variable set copy=yes).

set pgp_replysign

# when you answer a signed message, the response message will be
# signed too.

set pgp_replyencrypt

# when you answer an encrypted message, the response message
# will be encrypted too.

set pgp_verify_sig=yes

# Do you want to automatically verify incoming signed messages?
# Of course!

In the three next sections the configuration variables to each of the PGP versions will be explained. The fourth section will explain how to modify the variables if you use more than one PGP version.

(1) as Mutt requires to type the passphrase every time you want to sign or select the receipts if you want to encrypt, it may be unconvenient to set this variable. Possibly you may want to unset this variable. This is specially true encrypting messages, as you don't have all the public keys of the message receipts.

(2) depending on the number of messages that we sign or decrypt, we would like to maintain the pass phrase in cache memory more or less time. This option avoid you from type the pass phrase each time you sign a new message or decrypt an incoming message. Warning: maintaining the pass phrase in cache memory is not secure, specially in network connected systems.

(3) this is only necesary with the key that we use to sign. When the key is selected from the compose menu, Mutt will calculate the algoritm.

To use PGP2 with Mutt-i you need to add the following lines to the ~/mutt.varios/.gnupgp.mutt file:

set pgp_default_version=pgp2
set pgp_key_version=default
set pgp_receive_version=default
set pgp_send_version=default
set pgp_sign_micalg=pgp-md5
set pgp_v2=/usr/bin/pgp
set pgp_v2_pubring=~/.pgp/pubring.pgp
set pgp_v2_secring=~/.pgp/secring.pgp

As you know, the ~/.pgp/pubring.pgp and secring.pgp files must exist. More information on PGP2 with the man pgp command.

To use PGP5 with Mutt-i you need to add the following lines to the ~/mutt.varios/.gnupgp.mutt file:

set pgp_default_version=pgp5
set pgp_key_version=default
set pgp_receive_version=default
set pgp_send_version=default
set pgp_sign_micalg=pgp-sha1
set pgp_v5=/usr/bin/pgp
set pgp_v5_pubring=~/.pgp/pubring.pkr
set pgp_v5_secring=~/.pgp/secring.skr

As you know, the ~/.pgp/pubring.pkr and secring.pkr files must exist. More information on PGP 5 with the man pgp5 command.

To use GnuPG with Mutt-i you need to add the following lines to the ~/mutt.varios/.gnupgp.mutt file:

set pgp_default_version=gpg
set pgp_key_version=default
set pgp_receive_version=default
set pgp_send_version=default
set pgp_sign_micalg=pgp-sha1
set pgp_gpg=/usr/bin/gpg
set pgp_gpg_pubring=~/.gnupg/pubring.gpg
set pgp_gpg_secring=~/.gnupg/secring.gpg

As you know, the ~/.gnupg/pubring.gpg and secring.gpg files must exist. More information on GnuPG with the man gpg.gnupg, man gpgm, and man gpg commands.

If you want to use more than one PGP software you need to modify some of the variables that we have commented previously. Really, it is only to remove the redundant version variables.

If, for example, you want to use GnuPG as the default signing tool, all menu commands in Mutt to use GnuPG/PGP would call to this program to the signing, decrypting, encrypting, verifying, etc... operations
To do that you must set the configuration variable $set_pgp_defaultonce, so:

set pgp_default_version=gpg

now, to use the all three programs, the ~/mutt.varios/.gnupgp.mutt file could be like this:

set pgp_default_version=gpg # default version to use
set pgp_key_version=default # default key to use
# in this case, gnupg defines it
set pgp_receive_version=default # default version to decrypt will be the default
set pgp_send_version=default # version defined in the first line (gpg)
set pgp_gpg=/usr/bin/gpg # where to find the GnuPG binary
set pgp_gpg_pubring=~/.gnupg/pubring.gpg # public key file to GnuPG
set pgp_gpg_secring=~/.gnupg/secring.gpg # secret key file to GnuPG
set pgp_v2=/usr/bin/pgp # where to find the PGP2 binary
set pgp_v2_pubring=~/.pgp/pubring.pgp # public key file to PGP2
set pgp_v2_secring=~/.pgp/secring.pgp # secret key file to PGP2
set pgp_v5=/usr/bin/pgp # where to find the PGP5 binary
set pgp_v5_pubring=~/.pgp/pubring.pkr # public key file to PGP5
set pgp_v5_secring=~/.pgp/secring.skr # secret key file to PGP5